Surface Pro

Security Update for Unified Access Gateway 2010 UP1 (KB 2522483)

Microsoft has released a security update to address several security issues. One that potentially compromises client computers running the Forefront Unified Access Gateway (UAG) Java endpoint component when connecting to internal resources via Forefront UAG. Second to protect against potential XSS attack. And last a fix to prevent potential DoS attack.

1. On client computers connecting to resources published by Forefront UAG, a client-side component runs to provide access and verify client compliance. The client-side component runs using an ActiveX control or a Java applet, depending on the client operating system and browser. This update addresses a security issue that allows an attacker to exploit the Java applet. Such an exploit potentially compromises all client computers that trust and use the correctly signed Java applet in order to connect to corporate resources via Forefront UAG.

2. An attack vector that might be used in a cross site scripting attack was identified and a fix was developed to protect against it.

3. A vulnerability that can potentially be used for a denial-of-service (DsS) attack was identified and a fix was developed to prevent it.

Supported Operating System

Windows Server 2008 R2

Forefront UAG 2010 UP1

1. Click the Download button on this page to start the download of a component.

2. Do one of the following:
• To start the installation immediately, click Run.
• To save the download to your computer for installation at a later time, click Save.
• To cancel the installation, click Cancel.